Greetings everyone,
We are approximately 14 items short from my original goal for security
items. Only one objective, regarding tcp_wrappers, had no items written.
All of the security objectives are listed below. If you could contribute
any items related to these objectives, I would be grateful.
<h3>Objective ID 2.9.2: Configuring a router</h3>
<p>Includes task IDs 3.4.3 3.4.6 3.2.1 3.2.2 3.4.1 3.4.2 3.4.4 3.4.5 6.4.1
6.4.3 6.4.4 6.4.5</p>
<p>The candidate should be able to configure ipchains and iptables to
perform IP masquerading, and state the significance of Network Address
Translation and Private Network Addresses in protecting a network. This
objective includes configuring port redirection, listing filtering rules,
and writing rules that accept or
block datagrams based upon source or destination protocol, port and
address. Also included is saving and reloading filtering configurations,
using settings in
/proc/sys/net/ipv4 to respond to DOS attacks, using
/proc/sys/net/ipv4/ip_forward to turn IP forwarding on and off, and
usingtools such as PortSentry to block port scans and vulnerability
probes.
<ul>Key files, terms, and utilities include:
<li> ipchains</li>
<li> /proc/sys/net/ipv4</li>
<li> /etc/services</li>
<li> iptables</li>
<li>routed</li>
<h3>Objective ID 2.9.5: TCP_wrappers</h3>
<p>Includes task IDs 5.2.11</p>
<p>The candidate should be able to configure tcpwrappers to allow
connections to specified servers from only certain hosts or subnets.</a>
<ul>Key files, terms, and utilities include:
<li> inetd.conf, tcpd</li>
<li> hosts.allow, hosts.deny</li>
<li> xinetd</li>
</ul>
<h3>Objective ID 2.9.6: Security Tasks</h3>
<p>Includes task IDs 5.2.22 6.2.2 6.2.7 6.2.8 6.2.9 6.2.10 6.3.5</p>
<p>The candidate should be able to install and configure kerberos and
perform basic security auditing of source code. This objective includes
arranging to receive security alerts from Bugtraq, CERT, CIAC or other
sources, being able to test for open mail relays and anonymous FTP
servers, installing and configuring an intrusion detection system such as
snort or Tripwire. Candidates should also be able to update the IDS
configuration as new vulnerabilities are discovered and apply security
patches and bugfixes.</a>
<ul>Key files, terms, and utilities include:
<li> telnet</li>
<li> Tripwire</LI>
<li>nmap</li>
</ul>
--
Kara Pritchard Phone: 618-398-7360
Author, RHCE Exam Cram
Director of Exam Development http://www.lpi.org/
Site Manager http://www.LinuxUsersGroups.org/
--
--
This message was sent from the lpi-examdev mailing list.
Send `unsubscribe lpi-examdev' in the subject to [EMAIL PROTECTED]
to leave the list.
